The Deputy Presiding Officer (Linda Fabiani): The first item of business is a debate on motion S5M-05515, in the name of Mark McDonald, on keeping children safe online.
14:30
... ... ...
15:51
The Deputy Presiding Officer (Christine Grahame): I do not know whether I should say this to you, Mr Stevenson, but I can be generous with the time available to you. I am sure that you will have an anecdote somewhere.
Stewart Stevenson (Banffshire and Buchan Coast) (SNP):
That is generous, and I will try not to abuse your trust. Two presiding officers have made that offer to me, so it would be impolite not to make use of it. [Laughter.]
When we go online, we are confronted with a series of risks. It is worth saying that I worked on my first online system in the 1960s, I sent my first email in 1980 and I first did my online banking using a public network in 1983. I have a long online history; others, similarly, will have a long online history, although mine might have begun even before some of the previous speakers were born. [Laughter.]
Daniel Johnson: Will the member give way?
Stewart Stevenson: I will, yes.
The Deputy Presiding Officer: I trust that your intervention is about Stewart Stevenson’s long history, Mr Johnson.
Daniel Johnson: It is, indeed, Presiding Officer. I was just wondering whether, given his recent remarks and in the context of Tavish Scott’s remarks about Socrates, Stewart Stevenson could confirm that he was, indeed, alive when Socrates was first consternated about writing. [Laughter.]
Stewart Stevenson: My great Uncle Socrates has said many wise things and we will continue to draw from the well of knowledge of the Greek—and Roman—philosophers. [Laughter.]
Let us return to matters more local and, in particular, the internet. Many of us will know nothing of the risks in going online; and, even if all the risks were explained to us, we might not understand what they are. New risks are being created—deliberately or accidentally—every single day.
One thing that I believe—I will return to this topic in more detail later—is that we should detect better those who are creating risks, so that we can hunt them down with the force of the law. For children, who are the focus of today’s debate, there are special risks. Being presented with material beyond their age carries with it the potential of psychological damage that could endure throughout their lives.
Children’s brains are plastic. The future operation of a child’s brain is more affected by present and past experience and knowledge than is an adult’s brain. Children have not yet acquired an adult set of critical faculties that enable the filtering out and discarding of inappropriate material. Comparatively, their brains lack the power to discriminate.
To oversimplify, probably, a complex piece of science, I should explain that until about puberty, many of our memories seem to be literal. We remember pictures and sounds—that is eidetic memory. As we become adults, our memory moves to an interpretive memory and we remember the meaning of our experience in preference to simply retaining a picture in our brain. That is much more convenient, because it enables us to create an index from which to retrieve information.
Just as we protect youngsters from physical danger, we need to protect them from psychological danger. What, therefore, are the particular dangers? As in the physical world, we want our young to avoid unsavoury characters who might exploit, abuse or otherwise harm them as individuals; we want them to avoid engagement with potentially corrupting material; and we want to protect their personal assets, however modest they may be.
As adults we—mostly—have the wherewithal to monitor and to guide, to a fair degree, a youngster’s contact with the world and the people in it. We understand the physical world pretty well. The focus of the plans that we are discussing today is on helping our children to access the internet safely. Doing so is both necessary and helpful, but the online story is highly complex and rapidly evolving.
There are about 4 billion people online and many more identities than that; multiple identities abound on the internet. The same will be true for most of us here, but anyone who chooses to interact with me on Twitter, where my handle is @zsstevens—I will repeat that in case members want to hear it again: @zsstevens—will see a little tick in a blue circle next to my name, which means that Twitter has verified that I am who I have said I am. That is quite important because, as far as Twitter is concerned, the ability to rely on that symbol removes a source of ambiguity of identity, which is what enables much—though not all—of the risk in the online world.
All responsible media providers need to make available similar identity-proved facilities. A certification system is already available for websites, the best of which are accessed via hypertext transfer protocol 1080, under which an S goes at the end of the “http” abbreviation and a lock appears that makes it clear that the website is certified. We now need robust and unbypassable software—perhaps required by law and perhaps enforced via ISPs at an appropriate point in the future—that can restrict communication only to verified online entities, in particular those that purport to be real people.
Let me give the chamber some international examples. Some 10 years ago, Estonia suffered the most extreme cyber attack from Russian-based hackers. The history of that is more than I have time to explain, but today the e-resident and other initiatives that this small Baltic state has put in place are transforming it into a world leader in creating a safe online world for citizens in their business lives. At €100 a pop, it remains too expensive for mass deployment to all—what I am holding up at the moment is a paper copy of an Estonian e-resident card; I have not spent €100 on one—but in the post-Brexit world, many UK citizens are looking at becoming Estonian e-residents, because of the advantages that it gives. Jamie Greene did not refer to this directly, but the system gives people the ability to electronically sign anything that is put on the internet, protecting the integrity of both the communication that is sent and those who receive it.
The Wired website describes Estonia as
“the most advanced digital society in the world”,
and other small nations that are our near neighbours—Macedonia, Serbia, Albania and Croatia—are carrying out legislative work in this area and are looking at electronic systems. They have something that appears to be a disadvantage but which, in this circumstance, is an advantage—namely, comparatively undeveloped infrastructures—and are leapfrogging present technologies into different futures.
We can look to India for another approach. In 2009, the Indian Government launched a massive project called Aadhaar to provide to everyone a digital identity based on an individual’s fingerprints and retina scans. As of 2016, the programme had issued 12-digit identification numbers to 1.1 billion people. It is believed to be the largest and most successful information technology project in the world and has created the foundations for a digital economy. Although it is voluntary, almost everyone from the totally illiterate to the billionaire banker wants to be part of it. Indeed, those involved in the system are currently running a competition for youngsters to produce 30-second videos that will support other youngsters in getting engaged with the internet and the Aadhaar system in an appropriate way.
By possessing unambiguous proof of identity and appropriate technology, Indian citizens can effect cashless transfer of value without banks, without central record and without worries. They can, for example, open bank accounts without the hassle that we have to go through, because they have an assured identity that they can use. Aadhaar is the kind of initiative that creates the potential for a safer online environment for adults and children alike.
The technology is already here so, although it just ain’t being implemented in this way, what could it make possible? For a start, every image, every text block, every blog—indeed, everything on the internet—could be marked incorruptibly and verifiably so that we would know which individual produced it. If we required that to be done, that would create for law enforcement the possibility of hunting down wrongdoers. We could require internet service providers, through which all internet traffic flows, to always check that they pass through to their subscribers only things that have been digitally signed. Of course, there are some difficulties with that. We would need anonymous hotlines as checks and balances on our system. Could that be dealt with? I will come back to that in a moment.
Software, verified identity and law can complement the plans in our Government’s paper. There is no time to waste. We could be world leaders, although others have got out of the starting blocks fairly easily. I am very happy to support the Government’s plan as it is.
Let me talk a little bit about how to deal with hotlines and whistleblowing.
The Deputy Presiding Officer: I will give you a little bit more time. I feel that I am at a seminar, which is very interesting, but I want to give other people extra time.
Stewart Stevenson: I am nearly there, Presiding Officer.
One of the ways in which we could deal with the proper use of anonymity is, of course, to license a restricted number of services that can receive unsigned material. They would then have responsibility for looking at that material and republishing it with their signature, having verified that it is appropriate to do so. Therefore, even in a world in which we require everyone to have an identity, there are ways to protect the rights of those who properly need to be anonymous.
In my speech, I have simply tried to say that there are some things that we could do in the long term. I could certainly speak for hours on the subject, but the Presiding Officer’s generosity is much appreciated. Members should be aware that there are many simplifications in what I have said. If they really want a seminar, I shall be in the bar at 5 o’clock.
The Deputy Presiding Officer: That is what I call using up extra time.
16:01